French data protection authority fines Google €50 million for GDPR violations

No. 2, 28 Jan 2019 Issue

On January 21, 2019, the French data protection authority – CNIL – imposed a financial penalty of 50 Million euros against Google for violations of the GDPR rules for lack of transparency, inadequate information and lack of valid consent regarding ads personalisation.

This decision was taken on the basis of complaints brought by NGOs noyb and La Quadrature du Net. The fine and finding limits itself to Google’s data practices linked to Android while the complaints also included questions related to the data activities of the company through others products such as Google Search and YouTube.

This is the first time that the CNIL applies a fine based on the GDPR. More broadly, this is also the first large fine imposed on a company as a result of a GDPR violation, sending a clear signal that regulator are ready to enforce the law.

The authority explained that the amount decided is justified by the severity and large scope of the infringements. The CNIL for instance indicates that  “the violations are continuous breaches of the Regulation as they are still observed to date. It is not a one-off, time-limited, infringement.”

On January 24, Google has announced that it will appeal this fine.

More information on this case can be found here.


Provided by Access Now.